Your frame src is

http://designer.flymyphoto.com/api_ext.php

which then redirects back to

http://www.flagology.com/wp-content/plugins/woocommerce-realtimedesigner/RTD_templates.php

Since the first server can't handle HTTPS, you're stuck there. Users can make an exception (see attached screen shot), but then Firefox modifies the framed page to

https://www.flagology.com/wp-content/plugins/woocommerce-realtimedesigner/RTD_templates.php

and the images from the other server can't be displayed (woocommerce page uses relative paths so Firefox tries to retrieve them using the same protocol as the framed page).

In short, this part of your site does not work on HTTPS. But why are users getting HTTPS pages instead of HTTP pages?

I don't know if you shop on Amazon much, but they forcibly redirect users from HTTPS to HTTP except during account access and checkout. You might need to do something like that if the intermediary site doesn't support HTTPS.

Hello,

When you have a web page that serves 'Mixed content', where the page itself is served over HTTPS and some part of the page is served over insecure HTTP, Firefox (and other browsers) block the display of the insecure content. The only sensible solution to this problem is to serve everything over HTTPS.

There is an article about this on the Mozilla Developer Network, called 'How to fix a website with blocked mixed content'.

I hope this information was useful.

jscher2000 said

Your frame src is http://designer.flymyphoto.com/api_ext.php which then redirects back to http://www.flagology.com/wp-content/plugins/woocommerce-realtimedesigner/RTD_templates.php Since the first server can't handle HTTPS, you're stuck there. Users can make an exception (see attached screen shot), but then Firefox modifies the framed page to https://www.flagology.com/wp-content/plugins/woocommerce-realtimedesigner/RTD_templates.php and the images from the other server can't be displayed (woocommerce page uses relative paths so Firefox tries to retrieve them using the same protocol as the framed page). In short, this part of your site does not work on HTTPS. But why are users getting HTTPS pages instead of HTTP pages? I don't know if you shop on Amazon much, but they forcibly redirect users from HTTPS to HTTP except during account access and checkout. You might need to do something like that if the intermediary site doesn't support HTTPS.

Hi - by suggesting that we force to HTTP are you suggesting put in a redirect to force HTTP? When I visit Amazon on firefox, it redirects me to HTTPs.

Gert Van Waelvelde said

Hello, When you have a web page that serves 'Mixed content', where the page itself is served over HTTPS and some part of the page is served over insecure HTTP, Firefox (and other browsers) block the display of the insecure content. The only sensible solution to this problem is to serve everything over HTTPS. There is an article about this on the Mozilla Developer Network, called 'How to fix a website with blocked mixed content'. I hope this information was useful.

The developer of the application in the iframe has told us that it is not recommended to serve an iframe over https - is this something you are aware of?

LindseyFlagology said

Hi - by suggesting that we force to HTTP are you suggesting put in a redirect to force HTTP? When I visit Amazon on firefox, it redirects me to HTTPs.

This must be a recent change. For the better, from a privacy perspective. But yes, if your product pages do not work work smoothly on HTTPS, you can redirect to HTTP.

LindseyFlagology said

The developer of the application in the iframe has told us that it is not recommended to serve an iframe over https - is this something you are aware of?

Why not?! Because then you would need to use one of their competitors? HTTPS is the future that is nearly here; they need to get on board.

Update. Sorry I posted without updating the thread first

It works for me ok

• None Secure http://www.flagology.com/product/dog-photo-garden-flags/
• As does none secure http://www.flagology.com/

If someone tries to open it as https, or possibly you have a link or iframe using https then Firefox's Mixed Content Blocking may be triggered e.g.

• https://www.flagology.com/product/dog-photo-garden-flags/
• See Mixed content blocking in Firefox
  • Noting end users do get an option to override the block
  • Also How to fix a website with blocked mixed content https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content/How_to_fix_website_with_mixed_content
• And How do I tell if my connection to a website is secure?